About Kaspersky Security for Virtualization 6.0 Agentless
Kaspersky Security for Virtualization 6.0 Agentless (hereinafter also "Kaspersky Security") is an integrated solution that protects virtual machines on a VMware ESXi hypervisor against viruses and other malware, as well as network threats.
Kaspersky Security lets you protect virtual machines running Windows guest operating systems, including those running server operating systems, and virtual machines running Linux guest operating systems.
Kaspersky Security includes the following components:
- File Threat Protection. Protects the file system objects of a virtual machine against infection. The component is launched at the startup of Kaspersky Security. It protects virtual machines and scans the file system of virtual machines.
- Network Threat Protection. This component lets you detect and block activity that is typical of network attacks and other suspicious network activity, and lets you scan web addresses requested by a user or application, and block access to web addresses if a threat is detected.
- Integration Server. The component facilitates interaction between Kaspersky Security components and a VMware virtual infrastructure.
The File Threat Protection and Network Threat Protection components are installed on SVMs that are deployed on VMware ESXi hypervisors within the infrastructure of the anti-virus protection provider.
Kaspersky Security features:
- Protection. Kaspersky Security scans all files that the user or an application opens, saves, or launches on a virtual machine.
- If the file is free of malware, Kaspersky Security will grant access to the file.
- If malware is detected in the file, Kaspersky Security will perform the action that is specified in its settings. For example, it will delete the file or block access to the file.
Kaspersky Security can protect only powered-on virtual machines.
- Scan. The application lets you perform a virus scan on files of virtual machines. Virtual machine files must be scanned regularly with new anti-virus databases to prevent the spread of malicious objects. You can perform an on-demand scan or specify a scan schedule.
Kaspersky Security can scan powered-on virtual machines, virtual machine templates, and powered-off virtual machines that have the following file systems: NTFS, FAT32, EXT2, EXT3, EXT4, XFS, BTRFS.
- Intrusion Prevention. Kaspersky Security lets you analyze network traffic of protected virtual machines and detect network attacks and suspicious network activity that may be a sign of an intrusion into the protected infrastructure. When it detects an attempted network attack on a virtual machine or suspicious network activity, Kaspersky Security can terminate the connection and block traffic from the IP address from which the network attack or suspicious network activity originated.
Intrusion prevention settings are defined by the anti-virus protection provider.
- Web addresses scan. Kaspersky Security lets you scan web addresses that are requested over the HTTP protocol by a user or application installed on the virtual machine. If Kaspersky Security detects a web address from one of the web address categories selected for detection, the application can block access to the web address. By default, Kaspersky Security scans web addresses to check if they are malicious or phishing web addresses.
Web address scan settings are defined by the anti-virus protection provider.
- Storing backup copies of files. The application allows storing backup copies of files that have been deleted or modified during disinfection. If a disinfected file contained information that became partially or completely inaccessible after disinfection, the file can be restored from its backup copy.
All actions taken on backup copies of files are performed by the anti-virus protection provider.
About managing the application
Kaspersky Security is administered by Kaspersky Security Center, the remote centralized Kaspersky application administration system.
The Kaspersky Security administration plug-in for tenants provides the interface for managing the Kaspersky Security application through Kaspersky Security Center. The administration plug-in must be installed on the computer where the Kaspersky Security Center Administration Console is installed.
Kaspersky Security is managed through policies and tasks.
A policy is a group of settings used by SVMs to protect virtual machines within the protected infrastructure. Each policy contains one or multiple protection profiles. Protection profiles let you configure the settings for file protection of virtual machines.
Tasks are run on SVMs and let you scan virtual machines.
Kaspersky Security sends the Kaspersky Security Center Administration Server information about all events that occur during anti-virus protection and scanning of virtual machines, as well as information about events that occur when preventing intrusions and scanning web addresses. You can receive notifications about events and view them in Kaspersky Security Center.
For detailed information about working with events, policies and tasks, please refer to the Kaspersky Security Center documentation.
About Kaspersky Security policies
A policy lets you use protection profiles to configure the settings for virtual machine file protection, and configure the settings for using Kaspersky Security Network.
Policies are created by using the Wizard, which is started by clicking the New policy button located in the workspace of the Managed devices folder on the Policies tab.
You can create multiple policies, but only one of them can be active. When you create a new active policy, the previous active policy becomes inactive.
You can change the settings of a policy after its creation in the policy properties window.
To open the policy properties window:
- In the Kaspersky Security Center Administration Console, select the Managed devices folder.
- In the workspace, select the Policies tab.
- In the list of policies, select the policy and open the Properties: <Policy name> window by double-clicking on the policy or by selecting Properties in the context menu.
For more information about managing policies, see Kaspersky Security Center documentation.
About protection profiles
The following protection profiles are provided in Kaspersky Security policies:
- The main protection profile is automatically created when a policy is created. Although the main protection profile cannot be deleted, you can edit its settings.
- You can create additional protection profiles after creating a policy. Additional protection profiles let you flexibly configure different protection settings for different virtual machines within the protected infrastructure. A policy can contain multiple additional protection profiles.
You can configure the following settings in protection profiles:
- Security level. You can select one of the preset security levels (High, Recommended, Low) or configure your own security level (Custom). The security level defines the following scan settings:
- Scanning of archives, self-unpacking archives, embedded OLE objects, and compound files
- Restriction on file scan duration
- List of objects to detect
- Action that Kaspersky Security performs after detecting infected files.
- Protection scope (scanning of network drives during protection of virtual machines).
- Exclusions from protection (by name, by file extension or path, by file mask or path to the folder containing files to be skipped).
A protection profile can be assigned to an individual VMware virtual infrastructure object or to the root element of the protected infrastructure, which can include a vCloud Director organization. By default, a protection profile assigned to the root element of a protected infrastructure is inherited by all child elements of the protected infrastructure (virtual machines and their combinations).
Protection profiles are also inherited according to the hierarchy of VMware virtual infrastructure objects: the protection profile assigned to a virtual infrastructure object is inherited by all of its child objects, including virtual machines, unless the child object/virtual machine has been assigned its own protection profile or unless the child object/virtual machine has been excluded from protection. This means that you can either assign a specific protection profile to a virtual machine, or let it inherit the protection profile that is used by its parent object.
Only one protection profile may be assigned to a single virtual infrastructure object. Kaspersky Security protects virtual machines according to the settings that are specified in the protection profile assigned to these virtual machines.
Virtual infrastructure objects that have no assigned protection profile are excluded from protection.
If you exclude a virtual infrastructure object from protection, all child objects that inherited the protection profile from the parent object are also excluded from protection. You can exclude from protection all child objects that have their own protection profile assigned, or leave them under the protection of the application.
Protection profile inheritance makes it possible to assign identical protection settings to multiple virtual machines simultaneously. For example, you can assign identical protection profiles to all virtual machines that are part of a virtual Datacenter.
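The inheritance and exclusion rules described above can be checked against an inventory of the virtual infrastructure to find virtual machines that end up without protection. The following Python code is an added example, not Kaspersky code or a Kaspersky Security Center API; the Node model, its field names and the sample tree are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Node:
    """One virtual infrastructure object (hypothetical model, not a product API)."""
    name: str
    parent: Optional[str] = None
    profile: Optional[str] = None  # profile assigned directly to this object
    excluded: bool = False         # object explicitly excluded from protection
    is_vm: bool = False


def effective_profile(tree: Dict[str, Node], name: str) -> Optional[str]:
    """Walk from the object up to the root and return the profile that applies.

    An own profile wins over an inherited one; an exclusion met before any
    profile, or reaching the root without a profile, means no protection.
    """
    seen = set()
    current: Optional[str] = name
    while current is not None:
        if current in seen:
            raise ValueError(f"cycle in hierarchy at {current!r}")
        seen.add(current)
        node = tree[current]
        if node.excluded:
            return None
        if node.profile is not None:
            return node.profile
        current = node.parent
    return None


def unprotected_vms(tree: Dict[str, Node]) -> List[str]:
    """Names of virtual machines that no protection profile applies to."""
    return sorted(n.name for n in tree.values()
                  if n.is_vm and effective_profile(tree, n.name) is None)


# Constructed sample hierarchy; all names are made up for the example.
SAMPLE = {n.name: n for n in [
    Node("root", profile="Main"),
    Node("dc-a", parent="root"),
    Node("vm-web", parent="dc-a", is_vm=True),                       # inherits Main
    Node("vm-db", parent="dc-a", profile="Databases", is_vm=True),   # own profile
    Node("vm-lab", parent="dc-a", excluded=True, is_vm=True),        # excluded itself
    Node("dc-b", parent="root", excluded=True),
    Node("vm-build", parent="dc-b", is_vm=True),                     # parent excluded
    Node("vm-ci", parent="dc-b", profile="Main", is_vm=True),        # keeps own profile
    Node("host-x"),                                                  # nothing assigned
    Node("vm-old", parent="host-x", is_vm=True),
]}
```

Here `vm-ci` models the case where a child object with its own profile is left under protection after its parent is excluded.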
About tasks
The following tasks are available for Kaspersky Security:
- Full Scan task for virtual machines. This task lets you run a virus scan on the files of all virtual machines in your virtual infrastructure.
- Custom Scan task for virtual machines. This task lets you run a virus scan on the files of those virtual machines that you specified in the task settings. You can specify individual virtual machines or VMware virtual infrastructure objects of a higher level of the hierarchy.
Tasks are created by using the Wizard, which is started by clicking the New task button located in the workspace of the Managed devices folder on the Tasks tab.
You can change the settings of a task after its creation in the task properties window.
To open the task properties window:
- In the Kaspersky Security Center Administration Console, select the Managed devices folder.
- In the workspace, select the Tasks tab.
- In the list of tasks, select the task and open the Properties: <Task name> window by double-clicking on the task or by selecting Properties in the context menu.
Regardless of the selected task run mode, you can start or stop the task at any time.
To start or stop a task:
- In the Kaspersky Security Center Administration Console, select the Managed devices folder.
- In the workspace, select the Tasks tab.
- In the list of tasks, select the task that you want to start or stop.
- Click the Start or Stop button. The buttons are located to the right of the task list.
Information about the progress and results of the task can be viewed in the Kaspersky Security Center Administration Console in one of the following ways:
- In the Task results window. To open the window, click the View results link on the right of the task list displayed on the Tasks tab in the workspace of the Managed devices folder.
- In the event list that is displayed on the Events tab in the workspace of the Administration Server node.
You can also perform the following actions with tasks:
- Copy tasks from one folder or administration group into another.
- Export tasks to a file and import tasks from a file.
- Convert tasks from the previous version of the application.
- Delete tasks.
For more information about managing tasks, see Kaspersky Security Center documentation.